Authentication verifies the claim about the identity of an entity (e.g., a person or a system). The information about human physiological and behavioral traits, collectively called biometric information or simply biometrics, can be used to identify a particular individual with a high degree of certainty and therefore can authenticate this individual by measuring, analyzing, and using these traits. Well-known types of biometrics include face photographs, fingerprints, iris and retina scans, palm prints, and blood vessel scans. A great variety of specific devices, hereinafter referred to as biometric scanners, are used to capture and collect biometric information, and transform the biometric information into signals for further use and processing. Despite all advantages (e.g., convenience) of using biometrics over using other methods for authentication of people, the biometric information can have significant weaknesses. For example, the biometric information has a low level of secrecy because it can be captured surreptitiously by an unintended recipient and without the consent of the person whom it belongs to. Furthermore, if once compromised, the biometric information is not easily changeable or replaceable, and it cannot be revoked. Another problem is that the biometric information is inexact, may change over time, and is “noisy” (e.g., it is not like a password or a PIN code) as it cannot be reproduced exactly from one measurement to another, and therefore it can be matched only approximately, which gives rise to authentication errors. All these weaknesses and problems imperil the confidence in the reliable use of biometrics in everyday life.
One of the most widely used biometrics is the fingerprint. It has been used for identifying individuals for over a century. The surface of the skin of a human fingertip consists of a series of ridges and valleys that form a unique fingerprint pattern. The fingerprint patterns are highly distinct, they develop early in life, and their details are relatively permanent over time. In the last several decades, the extensive research in algorithms for identification based on fingerprint patterns has led to the development of automated biometric systems using fingerprints for various applications, including law enforcement, border control, enterprise access, and access to computers and to other portable devices. Although fingerprint patterns change little over time, changes in the environment (e.g., humidity and temperature changes), cuts and bruises, dryness and moisture of the skin, and changes due to aging pose certain challenges for the identification of individuals by using fingerprint patterns in conjunction with scanners. However, similar problems also exist when identifying individuals by using other biometric information.
Using biometric information for identifying individuals typically involves two steps: biometric enrolment and biometric verification. For example, in case of fingerprints, a typical biometric enrolment requires acquiring one or more (typically three) fingerprint images with a fingerprint scanner, extracting from the fingerprint image information that is sufficient to identify the user, and storing the extracted information as template biometric information for future comparison with subsequently acquired fingerprint images. A typical biometric verification involves acquiring another, subsequent image of the fingertip and extracting from that image query biometric information which is then compared with the template biometric information. If the two pieces of information are sufficiently similar, the result is deemed to be a biometric match. In this case, the user's identity is verified positively and the user is authenticated successfully. If the compared information is not sufficiently similar, the result is deemed a biometric non-match, the verification of the user's identity is negative, and the biometric authentication fails.
One proposed way for improving or enhancing the security of the systems that use biometric information is by using digital watermarking—embedding information into digital signals that can be used, for example, to identify the signal owner or to detect tampering with the signal. The digital watermark can be embedded in the signal domain, in a transform domain, or added as a separate signal. If the embedded information is unique for every particular originator (e.g., in case of image, the originator is the camera or the scanner used to acquire the image), the digital watermark can be used to establish the authenticity of the digital signal by using methods taught in the prior art. However, robust digital watermarking, i.e., one that cannot be easily detected, removed, or copied, requires computational power that is typically not available in biometric scanners and, generally, comes at high additional cost. In order to ensure the uniqueness of the originator (e.g., the camera or the scanner), the originator also needs an intrinsic source of randomness.
To solve the problem of associating a unique number with a particular system or a device, it has been proposed to store this number in a flash memory or in a mask Read Only Memory (ROM). The major disadvantages of this proposal are the relatively high added cost, the man-made randomness of the number, which number is usually generated during device manufacturing, and the ability to record and track this number by third parties. Prior art also teaches methods that introduce randomness by exploiting the variability and randomness created by mismatch and other physical phenomena in electronic devices or by using physically unclonable functions (PUF) that contain physical components with sources of randomness. Such randomness can be explicitly introduced (as a design by the system designer) or intrinsically present (e.g., signal propagation delays within batches of integrated circuits are naturally different). However, all of these proposed methods and systems come at additional design, manufacturing, and/or material cost.
Prior art teaches methods for identification of digital cameras based on the two types of sensor pattern noise: fixed pattern noise and photo-response non-uniformity. However, these methods are not suited to be used for biometric authentication using fingerprints because said methods require many (in the order of tens to one hundred) images. These prior art methods also use computationally intensive signal processing with many underlying assumptions about the statistical properties of the sensor pattern noise. Attempts to apply these methods for authentication of optical fingerprint scanners have been made in laboratory studies without any real success and they are insufficiently precise when applied to capacitive fingerprint scanners, because the methods implicitly assume acquisition models that are specific for the digital cameras but which models are very different from the acquisition process of capacitive fingerprint scanners. The attempts to apply these methods to capacitive fingerprint scanners only demonstrated their unsuitability, in particular for systems with limited computational power. In addition, these methods are not suited for a big class of fingerprint scanners known as swipe (also slide or sweep) fingerprint scanners, in which a row (or a column) of sensing elements sequentially, row by row (or column by column), scan the fingertip skin, from which scans a fingerprint image is then constructed. The acquisition process in digital cameras is inherently different as cameras typically acquire the light coming from the object at once, e.g., as a “snapshot,” so that each sensing element produces the value of one pixel in the image, not a whole row (or column) of pixels as the swipe scanners do. Prior art also teaches methods for distinguishing among different types and models of digital cameras based on their processing artifacts (e.g., their color filter array interpolation algorithms), which is suited for camera classification determining the brand or model of a given camera), but not for camera identification (i.e., determining which particular camera has acquired a given image).
Aside from the high cost associated with the above described security proposals, another disadvantage is that they cannot be used in biometric scanners that have already been manufactured and placed into service.